[CentOS] Groups

Mon Jan 31 16:49:53 UTC 2011
Nicolas Thierry-Mieg <Nicolas.Thierry-Mieg at imag.fr>

Todd wrote:
>      > On one of my servers I have a personal account and root. I
>     disable root for ssh logins and run ssh on an alternative port. When
>     'scp'ing files I usually scp them up, then ssh in 'su' root and move
>     them to /var/www/html.
>      >
>      > I can sftp I realize, but what group can I add my personal
>     account to, but not root, so I can sftp in and put the files in
>     /var/www/html?
>     There are a dozen ways to do this. One is to uplodate with WebDAV over
>     HTTPS, which is built into Apache on CentOS and has plenty of usable
>     clients such as lftp. Another is simply to designate a directory under
>     /var/www/html/, owned by you personally, that the apache user can
>     browse. That give you direct upload access as yourself.
> Right, but giving myself a directory doesn't allow me to put files other
> places in /var/www/html....
> My goal here is to be able to use my iPad over my ssh port to pull down
> files, edit them and save them back. Also, upload new files when I am at
> my desktop.
> With /var/www/html owned by root:root and me loggin in as 'jason' I
> cannot accomplish this. I don't allow root logins over ssh...
> So I think that something needs to change.
> Would I change /var/www/html/<my domain> owner to myid:mygroup? I am not
> sure the famifications of this and how Apache would behave, etc.

The whole of /var/www can belong to myid:mygroup as long as the apache 
user can read it. If apache must write some files somewhere (eg via a 
cgi script), it needs write access to that specific somewhere, but 
that's it.